Email Security
Also called: "DMARC policy", "email authentication policy"
DMARC is a policy framework that tells receiving mail servers what to do when SPF or DKIM checks fail, and provides visibility into who is sending email on behalf of your domain.
Why it matters
- Prevents cybercriminals from spoofing your domain in phishing attacks.
- Provides aggregate and forensic reports showing all email authentication activity.
- Required for compliance with many security frameworks and vendor requirements.
- Dramatically improves email deliverability when properly configured.
- Protects customers and partners from receiving fraudulent emails appearing to be from your organization.
How it works
- Requires both SPF and DKIM to be configured first.
- Published as a TXT record in DNS: _dmarc.yourdomain.com
- Specifies a policy: none (monitor), quarantine (junk folder), or reject (block).
- Defines alignment requirements between header From domain and SPF/DKIM domains.
- Sends XML reports to specified addresses showing authentication results.
How to implement
- Start with "p=none" policy to monitor without blocking email.
- Configure aggregate report destination (rua=mailto:[email protected]).
- Review reports to identify legitimate senders and authentication issues.
- Gradually move to "p=quarantine" then "p=reject" as confidence increases.
- Set percentage rollout (pct=) to test policies on subsets of email traffic.
Explore More Email Security
- DKIM (DomainKeys Identified Mail): Email authentication method that uses cryptographic signatures to verify that email content has not been tampered with in transit.
- Email Headers: Metadata attached to emails that shows routing information, authentication results, and delivery path.
- SPF (Sender Policy Framework): Email authentication method that specifies which mail servers are authorized to send email on behalf of your domain.